Описание
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | |
| esm-infra/focal | not-affected | |
| esm-infra/xenial | not-affected | |
| focal | not-affected | |
| jammy | not-affected | |
| kinetic | not-affected | |
| trusty | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
7.1 High
CVSS3
Связанные уязвимости
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory ...
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
Уязвимость программного средства хранения и управления информацией о пользователях, группах и других объектах в сетевой среде openldap2, связанная с использованием ненадёжного пути поиска, позволяющая нарушителю повысить свои привилегии до уровня root
EPSS
7.1 High
CVSS3